Removes any issued AuthenticityToken or SignedToken from a Result.
The Result to remove all issued tokens from.
A new Result without any issued tokens.
Attempts to extract an AuthenticityToken from a RequestHeader.
The RequestHeader to extract the token from.
An AuthenticityToken if the request contains a token with a valid signature. Otherwise, None.
Puts an AuthenticityToken into a Result to return to a user.
The AuthenticityToken to be issued to a user.
A Result containing a SignedToken or AuthenticityToken.
Requires a CookieSigner to sign tokens and verify token signatures.
Signs an AuthenticityToken and concatenates it with its signature ("${signature}${token}"). The resulting SignedToken is meant to be issued to a user (e.g., within a cookie).
The AuthenticityToken to sign.
The signature of the AuthenticityToken concatenated with the token itself.
Verifies that a SignedToken is valid by comparing the signature stored in the SignedToken to the signature of the raw AuthenticityToken that is part of the SignedToken. In order for any SignedToken to be valid, it must be issued via the TokenAccessor#sign method.
The SignedToken to validate.
The contained AuthenticityToken if the signature is valid, otherwise None.
Provides an interface for managing sessions client-side via requests and results. A TokenAccessor should be able to add or remove a SignedToken from a Result, as well as verify the signature of a SignedToken from a RequestHeader. While it is not required to use them, token accessors should use the available signing methods in this trait to sign and verify tokens so that they cannot be tampered with by an attacker.
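
The sign and verify behaviour described above, as an added example that is not the library's own code. It assumes a hypothetical HmacSigner (HMAC-SHA256, hex output) standing in for the CookieSigner, plain String tokens, and a constructed demo key.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.MessageDigest
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical stand-in for the CookieSigner the trait requires.
// Assumption: HMAC-SHA256 with a hex-encoded, fixed-length signature.
final class HmacSigner(key: Array[Byte]) {
  val signatureLength: Int = 64 // hex characters in an HMAC-SHA256 digest

  def sign(message: String): String = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(new SecretKeySpec(key, "HmacSHA256"))
    mac.doFinal(message.getBytes(UTF_8)).map(b => f"${b & 0xff}%02x").mkString
  }
}

object SignedTokenExample {
  // Signature first, then the raw token, matching "${signature}${token}".
  def sign(signer: HmacSigner, token: String): String =
    signer.sign(token) + token

  // Returns the contained token only if the stored signature matches.
  def verify(signer: HmacSigner, signed: String): Option[String] =
    if (signed.length < signer.signatureLength) None // too short to hold a signature
    else {
      val (stored, token) = signed.splitAt(signer.signatureLength)
      val expected = signer.sign(token)
      // MessageDigest.isEqual compares in constant time, so the check does
      // not leak how many leading signature characters were correct.
      if (MessageDigest.isEqual(stored.getBytes(UTF_8), expected.getBytes(UTF_8))) Some(token)
      else None
    }

  def main(args: Array[String]): Unit = {
    val signer = new HmacSigner("constructed-demo-key".getBytes(UTF_8))
    val token  = "constructed-session-token" // constructed sample value
    val signed = sign(signer, token)

    assert(verify(signer, signed).contains(token))            // untouched token is accepted
    assert(verify(signer, signed.dropRight(1) + "X").isEmpty) // altered token body is rejected
    assert(verify(signer, ("0" * 64) + token).isEmpty)        // forged signature is rejected
    assert(verify(signer, "short").isEmpty)                   // truncated value is rejected
    val other = new HmacSigner("another-constructed-key".getBytes(UTF_8))
    assert(verify(other, signed).isEmpty)                     // signed under a different key
    println("all checks passed")
  }
}
```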